1. Who is the controller, who can you contact?
The controller for processing your personal data may be the notaries Ingo Winterstein and Dr Gero Pfeiffer. When fulfilling his notarial duties, each of the abovementioned notaries is a sole controller within the meaning of data protection law regulations. For all enquiries relating to data protection, you can contact the responsible notary public in each case or the corresponding data protection officer. Contact can be established as follows:
1.) Notary public Ingo Winterstein
1) Data protection officer for notary public Ingo Winterstein
+49 69 170000-229
iwinterstein [at] goerg.de
dsb_notar_iwinterstein [at] goerg.de
2.) Notary public Dr Gero Pfeiffer
2) Data protection officer for notary public Dr Gero Pfeiffer
F: +49 69 170000 229
gpfeiffer [at] goerg.de
dsb_notar_gpfeiffer [at] goerg.de
Ulmenstraße 30
60325 Frankfurt
2. Which data do I process and where does the data come from?
I process personal data such as
- data regarding personal identification, such as first and last name, date and place of birth, nationality, marital status; in individual cases your birth register number;
- data for establishing contact, such as mailing address, phone and fax numbers, email address;
- for property contracts, your tax ID number;
- in particular cases, such as marriage contracts, wills, deeds of inheritance or adoptions, also data about your family situation and your assets, as well as information about your health status or other sensitive data, for instance because this serves to document your legal capacity;
- in particular cases, also data regarding your legal relationships with third parties, such as reference numbers or loan or account numbers with financial institutions.
In general I will obtain this data directly from you. If I have not obtained your data directly from you, it was provided to me by the party contracting me.
I also process data from public registers, such as the land register, commercial register and association registers.
3. For wich purposes and on what legal basis does data processing occur?
As a notary public, I hold a public office. My official work is to perform a task which lies in the general interest of proper preventive administration of justice, and thereby in the public interest, as well as in the exercise of official authority (Art. 6 (1) Sentence 1 (e) of the General Data Protection Regulation (GDPR)).
Your data will exclusively be processed in order to conduct the notarial activities requested by you, and potentially by other individuals involved in a transaction, according to my official duties, for instance to draft certificates, to perform notarisation and documentation procedures or to provide advice. Therefore, the processing of personal data only occurs on the basis of professional and procedural stipulations that I am bound to fulfil, primarily resulting from the Federal Notarial Code (Bundesnotarordnung) and the Notarial Act (Beurkundungsgesetz). At the same time, these provisions also establish a legal obligation for me to process the necessary data (Art. 6 (1) Sentence 1 (c) GDPR). Failure to provide the information I request from you would make it necessary for me to refuse any (ongoing) exercise of my official business.
If I am not acting for the fulfilment of public services, I process your data in order to pursue my legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms override this (Art. 6 (1) Sentence 1 (f) GDPR).
4. To whom do I transfer data?
As a notary public, I am subject to a statutory obligation of confidentiality. This obligation of confidentiality also applies for all my employees, and other individuals engaged by me, who are involved in fulfilment of my duties.
In any other case, I may only transfer your data if and insofar as I am obligated to do so in the individual case, for instance due to notification obligations vis-à-vis financial authorities, or to public registers such as the land register, trade or association register, central register of wills, register for enduring powers of attorney, courts such as probate courts, guardianship court or family court, or authorities. As part of registry and administrative supervision, under certain circumstances I am also obligated to provide information to the Chamber of Notaries Public or my professional supervisory authority, who are also subject to an official obligation of confidentiality.
In any other cases, I will only transfer your data if I am obligated to do so based on declarations submitted by you, or if you have requested the transfer.
5. Is data transferred to thid countries?
Your personal data will only be transferred to third countries if specially requested by you, or if and insofar as a party to the deed is registered in a third country.
6. How long will your data be stored?
I process and store your personal data within the framework of my statutory retention obligations.
According to Section 5 (4) of the Official Regulations for Notaries Public (DONot), the following retention periods apply for the retention of notarial documents:
- deed book, index of inheritance contracts, name directory for the deed book and collection of deeds including the separately retained inheritance contracts (Section 18 (4) DONot): 100 years,
- securities registry, estate accounts, name directory for the estate accounts, escrow account list, general files: 30 years,
- ancillary files: 7 years; the notary public may determine a longer retention period in writing by the last editing of content at the latest, for instance in the event of testamentary disposition or if there is risk of recourse; this stipulation can also be generally reached for individual types of legal transactions such as testamentary dispositions.
After the expiry of the retention periods, your data will be erased and/or the paper documents will be destroyed, unless I am obligated to adhere a longer storage period according to Article 6 (1) Sentence 1 (c) GDPR, due to retention and documentation obligations under tax and trade law (from the commercial code, criminal code, money laundering law or tax code), or professional regulations for the purpose of reviewing conflicts of law, or if I am entitled to further retention according to Article 6 (1) Sentence 1 (f) GDPR to defend against any liability claims.
7. What rights do you have?
You have the right
- to receive information about whether I am processing personal data concerning you, and if so, the purposes for which I am processing the personal data and which categories of personal data I am processing, to whom the data is transferred, how long the data will be stored and which rights you have in this regard.
- to request the rectification of personal data I have stored concerning you. You also have the right to request the completion of incomplete data I have stored concerning you;
- to request the erasure of personal data concerning you, as long as there is a legal reason for erasure (see Art. 17 GDPR) and the processing of your data is not required in order to fulfil a legal obligation or for other overriding reasons within the meaning of the GDPR;
- to request that I restrict the further processing of your data, e.g. to assert legal claims or for reasons of significant public interest, for instance while I review your claim to rectification or objection, or if I reject your request for erasure (see Art. 18 GDPR);
- to object to processing, insofar as this is required for me exercise my duties within the public interest or to fulfil my public office, if the reasons for the objection result from your particular situation;
- to lodge a data protection complaint with a supervisory authority. The supervisory authority with jurisdiction over me is the Hessian Data Protection and Freedom of Information Officer, PO Box 3163, 65021 Wiesbaden, Phone: +49-611-1408-0, Fax: +49-611-1408-611
